Publications
Partners
- WhatsApp recently announced that users can log in on up to four different devices using the same phone number.
- While this feature is likely to be popular with many users, it has raised some concerns about the security implications of allowing multiple devices to access the same account.
- To better understand what these concerns could be, or whether there's nothing to worry about, we spoke with cybersecurity expert and managing director of CyberSec, Nathan Desfontaines.
- For more stories, visit the tech and trends homepage.
WhatsApp recently announced that users can log in on up to four different devices using the same phone number.
While this feature is likely to be popular with many users, it has raised some concerns about the security implications of allowing multiple devices to access the same account.
To better understand what these concerns could be, or whether there's nothing to worry about, we spoke with cybersecurity expert and managing director of CyberSec, Nathan Desfontaines, who says that, for the most part, the risks have to do with the everyday risks people face online, and not necessarily anything WhatsApp can have control over.
"Remember that both Instagram and Messenger - Meta owned platforms - allowed users to have the app on multiple devices before WhatsApp introduced this new feature, so, in essence, WhatsApp was the only platform in Meta's arsenal that didn't allow it," he says.
"But, with that, comes inherent risks, and what I'm talking about are risks that the user faces which WhatsApp can't necessarily have control over, like normal phishing scams, which the users will still be susceptible to."
He adds:
"Also, if the device is off for 14 days, then they will automatically log that session out and they'll also disconnect linked devices after 30 days of inactivity."
Lost or stolen phone
Desfontaines says another potential risk to keep in mind is that, if the device is lost or stolen, the responsibility will fall on the owner to remove their lost/stolen device from their linked devices.
If they fail to do so, the person who has the lost/stolen device can remove the owner's other linked devices and link their own. This also applies if you have sold your device without disconnecting it as a linked device. The person who purchases it can gain access to your WhatsApp profile and link their own devices to it.
"With this new feature, it is crucial to regularly check which devices are linked, and WhatsApp has made this feature available to users," he says.
"However, if a cyber attacker compromises your device and signs you out of your linked devices, then you may lose control of your profile. In such cases, the user would have to go through a process with Meta to alert them that their account has been compromised."
Unfortunately, cyber attackers are also exploiting this process and posing as legitimate customers trying to get back into their accounts. As a result, Meta faces a significant administrative burden in distinguishing between genuine customers and attackers.
"Despite these concerns, Meta assures users that end-to-end encryption will be maintained among all linked devices. To ensure the security of their accounts, users can take proactive measures, such as enabling two-step verification," Desfontaines says.
Up to the user
All in all, Desfontaines reiterates that, if users get into the habit of regularly checking their linked devices, they should be okay.
Ultimately, the decision to use this new feature is up to individual users, who should weigh the potential benefits of being able to access their WhatsApp account on multiple devices against the potential risks.
WhatsApp also announced that they are introducing a more accessible way to link devices.
"Now, you can enter your phone number on WhatsApp Web to receive a one-time code, which you can use on your phone to enable device linking, rather than having to scan a QR code."
